CVE-2014-4114

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description A vulnerability in Windows OLE allows remote code execution when a user opens a file containing a specially crafted OLE object. This could allow an attacker to gain the same user rights as the logged-on user. If the current user is logged on with administrative user rights, an attacker could install programs, view, change, or delete data, or create new accounts with full user rights. The vulnerability has been exploited in the wild with a "Sandworm" attack. Users with limited rights on the system are less impacted than users who operate with administrative user rights.

Recommendations For Microsoft Windows Vista SP2, consider disabling the OLE object handling until a patch is available. For Microsoft Windows Server 2008 SP2 and R2 SP1, restrict access to Office documents that may contain crafted OLE objects. For Microsoft Windows 7 SP1, avoid opening files from untrusted sources that may contain specially crafted OLE objects. For Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, apply configuration changes to limit the impact of the vulnerability, such as restricting user rights. At the moment, there is no information about a newer version that contains a fix for this vulnerability.